Opensuse

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-8576 4Debian OpensuseQemu+1 more 5Debian Linux LeapOpenstack+2 more May 6, 2026 Nov 4, 2016 N/A· v4 6.0 MEDIUM· v3 2.1 LOW· v2 The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the n...Show more The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.Show less
CVE-2016-6323 3Fedoraproject GnuOpensuse 3Fedora GlibcOpensuse May 6, 2026 Oct 7, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to ca...Show more The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.Show less
CVE-2016-7141 2Haxx Opensuse 2Leap Libcurl May 6, 2026 Oct 3, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded...Show more curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.Show less
CVE-2016-6905 2Libgd Opensuse 3Leap LibgdOpensuse May 6, 2026 Oct 3, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
CVE-2013-4118 2Freerdp Opensuse 3Freerdp LeapOpensuse May 6, 2026 Oct 3, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
CVE-2016-6352 3Canonical GnomeOpensuse 4Gdk Pixbuf LeapOpensuse+1 more May 6, 2026 Oct 3, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
CVE-2016-7445 2Opensuse Uclouvain 2Leap Openjpeg May 6, 2026 Oct 3, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
CVE-2016-3623 2Libtiff Opensuse 2Libtiff Opensuse May 6, 2026 Oct 3, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.
CVE-2016-6172 2Opensuse Powerdns 3Authoritative Server LeapOpensuse May 6, 2026 Sep 26, 2016 N/A· v4 6.8 MEDIUM· v3 7.1 HIGH· v2 PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
CVE-2016-6153 3Fedoraproject OpensuseSqlite 3Fedora LeapSqlite May 6, 2026 Sep 26, 2016 N/A· v4 5.9 MEDIUM· v3 4.6 MEDIUM· v2 os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unsp...Show more os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.Show less
CVE-2016-5746 2Opensuse Yast 4Leap LibstorageLibstorage Ng+1 more May 6, 2026 Sep 26, 2016 N/A· v4 5.1 MEDIUM· v3 1.2 LOW· v2 libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as de...Show more libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.Show less
CVE-2016-4303 4Debian EsNovell+1 more 5Debian Linux Iperf3Leap+2 more May 6, 2026 Sep 26, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string,...Show more The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.Show less
CVE-2016-6265 2Artifex Opensuse 3Leap MupdfOpensuse May 6, 2026 Sep 22, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
CVE-2016-5167 2Google Opensuse 2Chrome Leap May 6, 2026 Sep 11, 2016 N/A· v4 8.8 HIGH· v3 7.5 HIGH· v2 Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vector...Show more Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.Show less
CVE-2016-5166 2Google Opensuse 2Chrome Leap May 6, 2026 Sep 11, 2016 N/A· v4 3.1 LOW· v3 2.6 LOW· v2 The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it e...Show more The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.Show less
CVE-2016-5165 2Google Opensuse 2Chrome Leap May 6, 2026 Sep 11, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitra...Show more Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string.Show less
CVE-2016-5164 2Google Opensuse 2Chrome Leap May 6, 2026 Sep 11, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote at...Show more Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)."Show less
CVE-2016-5163 2Google Opensuse 2Chrome Leap May 6, 2026 Sep 11, 2016 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoo...Show more The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.Show less
CVE-2016-5162 2Google Opensuse 2Chrome Leap May 6, 2026 Sep 11, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifes...Show more The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.Show less
CVE-2016-5161 2Google Opensuse 2Chrome Leap May 6, 2026 Sep 11, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properti...Show more The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class.Show less

Previous 1...909192...164 Next